I just had a quick look on / test of Fedora Server 36 (rawhide 22-02-18).
- Installation of DVD went smooth and ssh login via administrative user worked fine
- Before I even did anything I noticed a SELinux ACE (SELinux prevents 20-chrony-dhcp from accessing file enp1s0.sources with create access) which then appeared repeatedly several times.
Didn't cause any noticeable problems, but makes an ==untrustworthy impression== of the whole distribution when we not even have our highly praised security system under control.
- Tried to install a system-nspawn mockup container without success. Couldn’t boot the container, got:
——<
Welcome to Fedora Linux 36 (Thirty Six Prerelease)!
Failed to load BPF object: Operation not permitted BPF LSM hook not enabled in the kernel, LSM BPF not supported Queued start job for default target graphical.target.
—-<
Using headless server, wondering a bit about graphical target.
I got a login prompt, but after typing in the credentials the prompt was just repeated, no working login.
Starting it as system service produced the same SELinux bug that I've reported for years (since about F31 or so). Another indication that we are not in control of our security system.
Unfortunately, I’m too stupid to understand how to enter something into our QA tracking system (apart from a bug report that probably won't fare any better than the ones already there).
Has anyone else tried the rawhide pre-release version?
On Sat, 2022-02-19 at 23:06 +0100, Peter Boy wrote:
I just had a quick look on / test of Fedora Server 36 (rawhide 22-02-18).
Installation of DVD went smooth and ssh login via administrative user worked fine
Before I even did anything I noticed a SELinux ACE (SELinux prevents 20-chrony-dhcp from accessing file
enp1s0.sources with create access) which then appeared repeatedly several times.
Didn't cause any noticeable problems, but makes an ==untrustworthy impression== of the whole distribution when we not even have our highly praised security system under control.
- Tried to install a system-nspawn mockup container without success. Couldn’t boot the container, got:
——<
Welcome to Fedora Linux 36 (Thirty Six Prerelease)!
Failed to load BPF object: Operation not permitted BPF LSM hook not enabled in the kernel, LSM BPF not supported Queued start job for default target graphical.target.
—-<
Using headless server, wondering a bit about graphical target.
I got a login prompt, but after typing in the credentials the prompt was just repeated, no working login.
Starting it as system service produced the same SELinux bug that I've reported for years (since about F31 or so). Another indication that we are not in control of our security system.
Unfortunately, I’m too stupid to understand how to enter something into our QA tracking system (apart from a bug report that probably won't fare any better than the ones already there).
Has anyone else tried the rawhide pre-release version? _______________________________________________ server mailing list -- server@lists.fedoraproject.org To unsubscribe send an email to server-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
I was able to download the server version.
I used virt-manager to install it on a brand new vm.
Everything seemed to come up okay.
Used DNF to download ansible 5.
Ran ansible tests for about 30 mins, then the VM hung. Forced shutdown showed successful in virt-manager. Run in virt- manager would not start the vm. I gave the VM 4Gb of memory and 2 cpu's. Hopefully it was not the OOM stuff that caused the issue.
Did not file a bug report yet. Will try to do some more testing the next few days.
John
On Sat, Feb 19, 2022 at 11:06:44PM +0100, Peter Boy wrote:
- Before I even did anything I noticed a SELinux ACE (SELinux prevents 20-chrony-dhcp from accessing file enp1s0.sources with create access) which then appeared repeatedly several times.
Didn't cause any noticeable problems, but makes an ==untrustworthy impression== of the whole distribution when we not even have our highly praised security system under control.
Currentlty, such messages are considered blockers when they appear in release-blocking desktops. https://fedoraproject.org/wiki/Fedora_36_Final_Release_Criteria#SELinux_and_...
This is basically with the same reasoning you give -- even if it's harmless, it gives a very bad first impression.
The Server WG might ask QA to make them a blocker for Server Edition as well.
Unfortunately, I’m too stupid to understand how to enter something into our QA tracking system (apart from a bug report that probably won't fare any better than the ones already there).
If there are bugs that violate the release criteria, use the Blocker Bugs app (https://qa.fedoraproject.org/blockerbugs/propose_bug) to propose it as such.
If the bug doesn't violate an explicit criteria but should still be fixed, Freeze Exception might be appropriate. There's also the Prioritized Bugs process, which doesn't tie the fix to a release specifically -- might be more appropriate for some of the long-standing ones.
https://docs.fedoraproject.org/en-US/program_management/prioritized_bugs/
server@lists.fedoraproject.org